First of all, a few disclaimers:
1. I am not a computer geek and I am not good at coding. I am merely a layman who has found some useful tools for computer privacy and security and knows a thing or two about computers (I’m also not a lawyer so any legal ramifications should be talked about with a legal professional).
2. This article is about what a layman can do to secure their computer and browse privately in the Windows operating system (OS). As such, not all of the products listed herein may work in an Apple or Linux OS.
3. I am not affiliated with any of the following-mentioned software and devices. I do not receive any monetary compensation for endorsing them. In fact, all of the products listed are either free or have a free version that I currently use. Thus ends the disclaimers.
I’ll give a little basic background about myself and this article.
I’m a paranoid (one of the things my dad tells me is that my tinfoil hat is on too tight) 14-year-old, who lives in rural Minnesota, and has a nominal budget. I mostly just use my computer for accessing the Internet and storing some files (plus the occasional video), so what I consider good may be inadequate for someone who works remotely or uses their computer to play high-quality games.
This article was originally going to be very different. It was going to be about a version of Linux called Puppy Linux. Suffice it to say I have run into some speed bumps. This is not to discourage you from working on some of the more complex attributes of computers. In fact, I still want to use a version of Linux and I would fully encourage you to delve deeper into things like Linux and some of the more esoteric uses of VeraCrypt (see below). In spite of this, I have come to realize that while I, or anybody else, is experimenting with alternative OS like Linux we ought to (at least partially) ensure our security and privacy with Windows. Since this is free and, also, fairly easy, we should take a little bit of time to secure the OS that most of us use. Not to mention, there are probably quite a few people reading this that would never even consider migrating from Windows but still want a secure and private computer experience. So, without further ado, this is what I’ve come up with.
The browser I use is Brave. This is an open-source browser that has some great features. It has an ad blocker (which regrettably blocks SurvivalBlog ads so disable the shield for SurvivalBlog) and also has the option of in-private windows with The Onion Router (Tor) built-in. I haven’t tried it and only include here for interest). You can do just about anything with it that you can do with a standard browser. It is generally regarded as one of the most private browsers available, right up there with Firefox (which I no longer use due to their CEO’s anti-conservative comments found here.). I discovered this browser partially through SurvivalBlog, and partially through other online recommendations. You can download it here.
A Virtual Private Network (VPN) is advantageous for masking your IP address (among other things). The best free VPN, according to my research, would be ProtonVPN. Basically, what ProtonVPN does, is it connects your computer through a tunnel to a server. That server’s IP address then appears in the place of your own when you search. All VPNs do this, however, ProtonVPN has other, additional features as well. It encrypts your connection, has a scrupulous no-log policy, and it doesn’t have any ads. It doesn’t bar you from using the VPN after a certain amount of bandwidth is used due to the no logs policy and it has similar Swiss privacy protections as its sister company ProtonMail. You can see the rest of its features here.
The free version comes with a mere three countries to route your traffic through (the USA, the Netherlands, and Japan) and limited servers in those countries (and is thus supposedly slower due to more people competing for fewer servers), but it is still fast enough for anything I do. One caveat to consider, however, is that ProtonVPN states: “ProtonVPN supports most popular Internet browsers. However, ProtonVPN uses cutting-edge technology that is only supported in the latest versions of these browsers”. This means that you must have a version later than or equal to the version listed on the website above. Interestingly enough though, Brave browser is not listed but is still supported. I verified this by looking up my IP through Brave and it is also generally considered to work with Brave on other sites online. I found out about this service from ProtonMail’s e-mails and ProtonMail login info will work for ProtonVPN. You can install ProtonVPN here.
A highly regarded firewall is ZoneAlarm. This firewall will provide you with the security any good firewall would with a two-way firewall that monitors traffic going into and out of your computer. I read about this in the book One Nation, Under Surveillance by Boston T. Party. You can install it here.
This next one is a handy antivirus program called AVG Antivirus. With the Smart Scan (it comes with numerous other types, too) it analyses browser threats, viruses and other malware, and advanced issues with your computer such as whether you have basic firewall protection. I heard about this from an unlikely source, as a matter of fact: the Cadet Safety Officer at my Civil Air Patrol Squadron. You can download it here.
What I use is a fantastic program, called VeraCrypt, to generate an encrypted file container on my computer. An encrypted file container is, in this case, a file on your computer that contains all your other files inside of this. VeraCrypt also creates this file so that it can’t be identified as a VeraCrypt volume (at least from a cursory check). Once you’ve created this volume all you have to do is select an available disk letter, select the volume from your files, and enter your password. It is then treated as a regular drive.
VeraCrypt is an open-source program with a lot of cool features and is a descendant of the mysteriously discontinued file encryption system TrueCrypt. Assuming a sufficiently strong password and encryption algorithm (e.g. AES) it would take such a long time to decrypt as to make it next to worthless to attempt to decrypt the volume without the correct password (so don’t forget it!!!). The program has a ton of extra features that are probably too involved for this article, such as hidden volumes and a hidden OS, so I’ve just covered the basics.
If you want to learn more about these features (which I would heartily encourage you to do) you can read about everything here. For our purposes you should still at least skim the beginner’s guide. I learned about this one after reading about TrueCrypt in the book One Nation, Under Surveillance by Boston T. Party and subsequently discovering that the program was discontinued. You can download VeraCrypt here.
You may not be aware of this, but if you delete a file it isn’t actually destroyed. It is merely counted as free space to be overwritten at a later date (as shown here, here, and here.) This means that you can’t just delete all those critical files you copied to VeraCrypt. You have to truly erase them by multiply over-writing those file sectors. You can erase them with an open-source program called Eraser. This is a rather simple program and fairly self-explanatory. You can run tasks to be executed manually, recurring, have them run on completion, or on restart. There are many different erasure methods like Gutmann standard (probably overkill) and standards used by the Department of Defense. I found out about this one through One Nation, Under Surveillance by Boston T. Party. You can download Eraser here.
These are all fine, free pieces of software (most of them are also open-source) and they will greatly help you in becoming more private and help in securing your device. These are also all fairly easy to install and don’t take too much effort. I would like to encourage you to experiment with more things like the above (or even stuff that’s drastically different). Experiment more with VeraCrypt and/or Linux. Upgrade if you love the free versions of these items.
Please note that I wrote this article to help people have a little more than the modicum of security and privacy that’s average while using their Windows OS. If you’re number one on the NSA’s watch list, then this probably won’t help you much since you’ll have a supercomputer against you. I for one am (probably) not number one on a watch list and most people aren’t actually important enough to warrant such scrutiny. Thus, this will work for most people, is relatively simple, and even I know how it works.